Session:Bypassing the Suprema BIOStar Fingerprint Access Control

From 36C3 Wiki
Description I'll show you how you can bypass a biometric access control (fingerprint reader) from Suprema. This device is broken AF
Website(s) https://www.supremainc.com/
Type Talk
Kids session No
Keyword(s) hardware, software, hacking, security
Tags Assembly:HSBE, security, pentesting, biometric, accesscontrol, fingerprint
Processing assembly Assembly:HSBE
Person organizing C
Language en - English
en - English
Other sessions... ... further results

(Click here to refresh this page.)

Starts at 2019/12/28 19:00
Ends at 2019/12/28 19:45
Duration 45 minutes
Location Assembly:HSBE
SupremaBiostar.jpeg
Hacking suprema.png

Suprema is a major brand in the world of 'biometric access controls' aka fingerprint-reader-locks. These things allow for people to open doors to their home, office, etc. using their fingerprint (duh...). The device matches the scanned print with a collection of prints in a database. If it finds a match then it triggers the relay which unlocks the door. This sounds simple enough but there are a ton of things that might go wrong with this, certainly when the necessary checks are not enabled in the devices configuration, which is almost never the case. These checks involve for example 'tamper-control', a sensor which triggers an alarm when the device is physically tampered with. In the end the fingerprint-reader needs some sort of connection to a control-server which allows the admin to manage registered prints, so the device needs a network-connection. If the device is not protected with tamper-control (which is not enabled by default) then this leaves the network-connection at the back of the device vulnerable for all sorts of attacks. In the end, if these devices are not properly installed, it's like laying a laptop outside the front-door of your office, connected with a LAN-cable to your network by the way.